QwikSec

Security Database

CVE

CWE

Training

CVE-2020-14352

Published: Aug 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

A flaw was found in librepo in versions before 1.12.1. A directory traversal vulnerability was found where it failed to sanitize paths in remote repository metadata. An attacker controlling a remote repository may be able to copy files outside of the destination directory on the targeted system via path traversal. This flaw could potentially result in system compromise via the overwriting of critical system files. The highest threat from this flaw is to users that make use of untrusted third-party repositories.

Vendor	Product	Versions
n/a	librepo	affected `librepo versions before 1.12.1`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1866498

x_refsource_MISC

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00072.html

x_refsource_MISC

openSUSE-SU-2020:1428

vendor-advisory

x_refsource_SUSE

FEDORA-2020-5d9f0ce2b3

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-7906a64449

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-b40fc174b5

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.